That's an interesting idea... instead of storing the bearer tokens associated with your internally-pointing ocaps (held by external users), salt and hash them. That way if your server is compromised the ocaps that other people hold to you internally can still be valid.


The ocaps *you* hold to *external* servers however... well... those will still be hosed. But it doesn't look like that can be solved without a certificate-style ocap approach, which doesn't work in the case of simple-linkable-ocaps like we need for protocols like ActivityPub.

@cwebber I mean they're basically passwords so it makes sense to treat them the same way you'd store passwords right?

@aaronpk Yep, it's obvious once proposed, just somehow I had never thought of it :)

@cwebber I feel like we should have a chat about this and turn it into a podcast/video or something. We come from different backgrounds on this front but I feel like we share a lot of the same goals.
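As an added example, not code from anyone in this thread, here is a Python sketch of the scheme discussed above: the server keeps only a salted hash of each outstanding bearer capability token, the way it would store a password, so a dump of the store does not yield usable tokens. The `<id>.<secret>` token layout and the `CAP_STORE` name are my assumptions; the id part exists only so the server can find the row, since a per-token salt rules out looking rows up by hash.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory capability store; a real server would use a database.
# Maps token_id -> {"salt": bytes, "digest": bytes, "scope": str}
CAP_STORE = {}


def _digest(salt: bytes, secret: str) -> bytes:
    # The secret is 256 bits of CSPRNG output, so a fast salted hash is enough;
    # a slow KDF (bcrypt, scrypt, argon2) only matters for low-entropy passwords.
    return hashlib.sha256(salt + secret.encode("ascii")).digest()


def issue_capability(scope: str) -> str:
    """Mint a bearer token and persist only its salted hash.

    Returns "<token_id>.<secret>". The holder keeps the whole string; the
    server keeps the id (for lookup) and the salted digest (for verification).
    """
    token_id = secrets.token_urlsafe(8)
    secret = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    CAP_STORE[token_id] = {"salt": salt, "digest": _digest(salt, secret), "scope": scope}
    return f"{token_id}.{secret}"


def check_capability(token: str):
    """Return the scope granted by `token`, or None if it is unknown or invalid."""
    token_id, sep, secret = token.partition(".")
    row = CAP_STORE.get(token_id)
    if not sep or row is None:
        return None  # the id is not secret, so an early exit here leaks nothing useful
    # Constant-time comparison of the recomputed digest against the stored one.
    if not hmac.compare_digest(_digest(row["salt"], secret), row["digest"]):
        return None
    return row["scope"]


def revoke_capability(token: str) -> bool:
    """Drop the stored row; the holder's copy of the token becomes useless."""
    return CAP_STORE.pop(token.partition(".")[0], None) is not None


def plaintext_in_store(token: str) -> bool:
    """What someone who dumps the store learns: is the usable secret in it?"""
    return token.partition(".")[2] in repr(CAP_STORE)
```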